By Bethwel Opil
Even though the evolution of technology has seen artificial intelligence (AI), machine learning, and automation become commonplace in delivering more innovative cybersecurity solutions, the biggest risk will always remain the human factor. To this end, companies must consider how to educate their employees and embrace the concept of building a human firewall if they are to mitigate the constant threat of cyberattacks.
In Africa, the most common cybersecurity concerns over the past several months have been phishing attacks, malware threats, ransomware, and mobile-related attacks. The lockdowns have exacerbated these instances with most employees working from outside the relative safety nets of their corporate cybersecurity environments.
Training done differently
This, of course, has resulted in companies having to rethink how best to secure the remote environment and safeguard back-end systems and sensitive data. Unfortunately, malicious users have exploited the COVID-19 uncertainty to focus on compromising consumer systems (from routers to laptops) and piggyback on ‘secure’ connections back into the corporate network. As a result, the human firewall concept provides employees with comprehensive cybersecurity training that not only provides vital security awareness skills for a digitally connected workplace, but also minimises the human error that can cripple organisational effectiveness when it comes to cybersecurity policies and procedures.
Think of a human firewall as combining security awareness and training solutions to deliver a comprehensive way for organisations to protect all levels of their structure – regardless of where people are working from. Certainly, one of the best ways to do this is through a ‘learn-by-doing’ approach. Too often, companies think holding a mini workshop for new employees is adequate, but the reality is that they very rarely revisit this kind of training or information. However, the human firewall concept sees ongoing cybersecurity training and learning become infused into all aspects of the company to ensure that it remains top of mind.
Changing threat landscape
Central to this training is understanding how attack perimeters are evolving, especially as technology shifts are taking place every month. It is no longer about installing anti-virus and traditional firewalls and thinking that is adequate. Instead, it is about giving all employees the opportunity to continually upskill and reskill themselves around cyber awareness.
For this to work, training must be engaging. More traditionally minded training material should be relegated to the past. Instead, gear the training to provide measurable value to all levels of employees within the business, whether it is the receptionist or the CEO. The content must be reflective of the current threat landscape and provide enough guidance to cater for likely future scenarios. And, as no two companies are alike, there is no ‘off-the-shelf’ training solution that can deliver comprehensive value to every business. The focus should therefore be on a cybersecurity service provider that can constantly adjust the training to reflect the changing threat landscape while also remaining cognisant of the business requirements.
Enhancing human expertise
One thing the human firewall concept is not about is replacing people. Instead, it is about enhancing their skill sets to fight human error. While human error can never be eliminated entirely, companies can create enough awareness, and provide a foundation for new skills development, to significantly reduce instances of it occurring.
Such training also does not replace cybersecurity policies and procedures, which remain critically important. Management must view it as a way of improving cybersecurity competency levels to instill better awareness of how threats can enter the corporate network and what employees can do to reduce the chances of this happening.
As a result, the end goal is to keep sensitive data protected while still maintaining operations regardless of where employees are working from or what devices they use – making sure they understand the implications and consequences at all times.
(Bethwel Opil is the Enterprise Sales Manager at Kaspersky in Africa).